SANS Institute Information Security Reading Room - SANS.org
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
SANS Institute Information Security Reading Room The Weakest Link: The Human Factor Lessons Learned from the German WWII Enigma Cryptosystem ______________________________ Bradley Fulton Copyright SANS Institute 2020. Author Retains Full Rights. This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
The Weakest Link: The Human Factor
Lessons Learned from the German WWII Enigma Cryptosystem
Prelude
With quadrillions of possible encryptions for each message, the German Enigma machine was, at
its time, quite possibly the most advanced cryptosystem in the world. “If 1000 operators with
captured machines tested four keys a minute 24 hours a day, it would take them 900 million
years to try them all! The Germans were convinced that their codes were quite unbreakable.” 1
ts
Objective
igh
This paper highlights the need for security professionals and management to not overlook the
weakest link in security systems – that being the human factor. It is easy to become overly
ll r
confident
Key fingerprint
solely in the
= AF19
use ofFA27
advanced
2F94algorithms
998D FDB5 andDE3D
technology.
F8B5 06E4
History
A169shows
4E46reliance on an
advanced technology is doomed if the people operating the system are not fully trained and
fu
managed.
ins
Description of the German Enigma Cryptosystem
eta
For roughly 20 years (1926-1945), the Germans employed a cryptosystem, called Enigma.
rr The cipher was an electro-
mechanical portable device,
ho
which looked similar to a
ut
typewriter. (See Figure 1).
,A
An operator would press a
character key on the
01
keyboard, and an output lamp
20
would illuminate the encoded
substitution - a letter for letter
te
serial cipher.
tu
Electrical current would flow
sti
through a scrambling unit,
In
made up of rotors. Each
rotor was hardwired to make
NS
a substitution, from the 26
SA
electrical contacts on one side
to the 26 on the other. A
rotor’s internal wiring was
©
not able to be modified. The
rotors were placed side by
side; one rotor’s electrical
2
output was the input of the
Figure
Key1:fingerprint
Photo of Enigma
= AF19Machine, with cover
FA27 2F94 998Dopen
FDB5 DE3D F8B5 06E4
nextA169
rotor.4E46
The interesting feature of this device was the turning motion of the rotors. As one or more rotors
moved, different electrical circuits would connect throughout the scrambling unit. This resulted
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.in identical initial input letters to have different substitutions, from the Enigma machine. For
example, G typed three times might produce UAZ, instead of UUU.
A cipher with each letter correspondingly always having the same substitution would be
considered a simple cipher. Below is an example of a simple cipher using a mono-alphabetic
substitution. The bottom row comprises the substitutes for the corresponding top row plain text
alphabet.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
ts
Z S E X D R C F T V G Y B W H U N J I M K O L Q A P
igh
Using the above as the cipher key, a message such as, “Panzers need fuel”, would be encrypted
ll r
as “UZWPD
Key fingerprint
JIWDD = XRKDY”,
AF19 FA27(grouped
2F94 998Din blocks
FDB5of DE3D
five).F8B5
Simple
06E4
ciphers
A169can4E46
be broken using
the fact certain letters of the alphabet are more often used than others. For instance, notice the
fu
number of times the letter ‘e’ was used in the previous sentence. With a large message,
ins
encrypted from a mono-alphabetic cipher, one can initially deduce the plain text by counting the
occurrences of letters. The German Enigma system was not susceptible to this simple method of
eta
cracking because it was a poly-alphabetic system. Each time a key was pressed, one or more of
the rotors would turn, resulting in essentially a different encoding alphabet, for each input letter.
rr
The rotors could be removed and inserted in a different sequence. The Germans had at least
ho
eight different rotors from which three were placed into the Enigma machine. One day the
ut
sequence might be VIII, III, VI, the next day the sequence might be III, V, I.
,A
An adjustable ring on each rotor determined when its neighboring rotor to the left would rotate.
01
The right-most rotor always turned 1/26th of a full rotation, as each key was pressed. With
20
enough turns (or key presses), the right-most rotor would come to the specified ring position
causing the neighboring rotor to its left to turn 1/26th of a rotation. This turning of the rotors can
te
be likened to an odometer, with the ‘turn-over’ point adjustable on the rotors.
tu
The German military added another layer of substitution, to the Enigma machine, not
sti
implemented on the early commercial version. A plugboard (“Stecker board”) with patchcords
In
was on the front of the Enigma machine. In this way, predetermined keyboard letters were
substituted with another letter before being sent to the rotors. At first 6 patchcords were
NS
employed, but later this number was upped to 10.
SA
One can see, the Enigma machine had several initial settings - the rotor sequence, the rings on
the rotors, and the patchcords on the front. These start settings were called the “key”.
©
A ‘reflecting’ mechanism, left of the rotors, sent the electrical signal back into the rotors in the
opposite direction, through different contacts. This made the Enigma machine reciprocal. For
example, if pressing T results in X lighting up, then pressing X (with the same settings) would
result
Keyin fingerprint
T. Thus the= ‘reflecting’
AF19 FA27mechanism
2F94 998Dsimplified
FDB5 DE3D the operational
F8B5 06E4procedures
A169 4E46 of the Enigma
cryptosystem, by allowing encoding and decoding using the same key settings.
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.(See Figure 2). “In this illustration, when key W is pressed
on the keyboard (5) current from the battery (4) flows to
the plugboard panel socket W, but socket W has been
plugged to socket X so current flows up to the entry disc
(E) at point X. The current then flows through the internal
wiring in the rotors (2) to the reflector (1). Here it is turned
round and flows back through the rotors in the reverse
direction emerging from the entry disc at terminal H.
ts
Terminal H on the Entry disc is connected to socket H on
igh
the plugboard (6) but this socket is plugged to socket I so
finally the current flows to lamp I which lights up.
ll r
Key fingerprint = AF19 FA27 2F94
Thus
998Din this
FDB5 instance,
DE3DtheF8B5
letter
06E4
W is
A169 4E46 to I.” 4
enciphered
fu
The keyboard was laid out as follows:
ins
QWERTZUIO
eta
ASDFGHJK
rr PYXCVBNML
ho
ut
,A
Figure 2: Circuit Diagram of Enigma 3
01
Operation of the German Enigma Cryptosystem
20
Steps taken by both Sender and Receiver, (as prearranged for time and date):
te
tu
1. set the rotor sequence (e.g. V, II, III).
sti
2. set the rings (e.g. 14, 22, 04).
In
NS
3. set the patchcords (e.g. D - E, T - F, C - Q, G - B, L - P, K - S).
SA
Steps taken by the Sender:
©
1. turn the rotors to a “random” starting position, of his choosing (e.g. FRE), called the
“indicator-setting”.
2. type a “random” sequence code twice (e.g. YASYAS), called the “message-setting”, which
produced an output called the “indicator” (e.g. VIMWQZ).
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
3. again set the rotors, but this time to the “message-setting” (e.g. YAS), from the previous step.
4. key in the message into the Enigma machine, obtaining the encoded message.
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.5. using another device*, transmit to the receiver.
* note: The Enigma machine was only an encoding/decoding device. It did not
transmit or receive (or even print, for that matter).
The transmitted message had the following form:
1. in clear text, a preamble indicating call signs, time, length of message, and the
“indicator-setting” (e.g. FRE – see Sender step #1).
ts
igh
2. in clear text, other various information about the message.
ll r
Key3.fingerprint
in clear text,
= AF19
the “indicator”
FA27 2F94(e.g.
998DVIMWQZ
FDB5 DE3D
– seeF8B5
Sender
06E4
stepA169
#2). 4E46
fu
4. the encrypted message.
ins
Steps taken by the Receiver:
eta
1. move the rotors to the “indicator-setting” (e.g. FRE)
rr
2. key in the “indicator” (e.g. VIMWQZ), which would produce the “message-setting” (e.g.
ho
YASYAS).
ut
,A
3. move the rotors again, this time to the “message-setting” (e.g. YAS)
01
4. key in the encrypted message, for deciphering.
20
The Importance of Enigma
te
tu
German forces swept most of Europe, with their “blitzkrieg”, of Stuka dive-bombers, panzers
and mechanized infantry. Poland was invaded in 1939, with incredible speed. France (which at
sti
the time, was considered superior in manpower, material and defensive positioning) was quickly
In
dominated in 1940. U-boats of the German navy were crippling Great Britain. The island nation
had a critical reliance to supply itself using merchant ships. Vital raw material was ever
NS
increasingly being sunk by U-boat ‘wolf packs’. The Germans accomplished this through an
SA
efficient command and control. Generals and admirals most often kept in contact with field
commanders through the use of radio communications. They knew the enemy could easily listen
in on radio waves, so the Germans relied heavily upon the Enigma cryptosystem to keep
©
messages secret.
The Enigma cryptosystem was designed to be secure, even if one or more Enigma machines fell
into enemy hands. The ‘keys’ (initial settings) were changed daily (most often), and were issued
to units
Key by
fingerprint
courier, on
= AF19
a monthly
FA27basis.
2F94 998D
The enormous
FDB5 DE3D combination
F8B5 06E4of settings
A169 4E46
for the rotor
sequence, rings and patchcords made the task of breaking the Enigma code a virtual
impossibility. But the Allies did crack the code, due in large part to the human factor – the
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.combination of blundering and laziness of the operators, along with the German conviction that
their cryptosystem would not be broken.
How Enigma was cracked
Three individuals from the Polish Cipher Bureau who stand out as pioneers in cracking the
Enigma code are Marian Rejewski, Jerzy Rózycki and Henryk Zygalski. Through determination
and perseverance they accomplished the many extraordinary steps needed to crack the Enigma
cryptosystem. These pioneers purchased a commercial version of an Enigma machine, in
ts
the1920’s, when the machines were still available. The French Intelligence service offered the
igh
Poles a booklet, obtained by a German traitor, describing the Enigma setup procedures. (The
French and English, at the time, thought the information was impractical). The German traitor
ll r
wasKey
laterfingerprint
convinced=toAF19
provide
FA27old2F94
(and 998D
what he
FDB5
thought,
DE3D seemingly
F8B5 06E4
useless)
A169messages
4E46 in
plaintext and coded format, along with the starting keys! Rejewski brilliantly set up
fu
mathematical permutation equations and was finally able to deduce the wiring of the rotors used.
ins
At this point the Poles, remarkably, had a working model of the German’s Enigma. But to
eta
decipher messages, the initial setting (or daily key) was needed. As it turns out, clues of the
initial settings were frequently deduced because of procedural flaws and the lack of training of
rr
the German operators. The dangers of the human factor, were overlooked by the Germans, and
continually compromised their most trusted cryptosystem.
ho
ut
One such example, of a procedural flaw and lack of training, was the Enigma operators were
,A
picking easy to guess “message-settings”. Every Enigma machine was set to the ‘daily key’, but
the sender was allowed to pick a so-called random “message-setting”. Operators many times
01
used keyboard ‘shortcuts’, such as diagonals (e.g. QAY *), repetitions (e.g. AAA), or girlfriends’
20
initials. Many radio operators were identified by their ‘fists’ (their unique way in which they
operated the radio transmitting device). By identifying the German operator, and knowing his
te
tendency to use certain keyboard shortcuts, the Allies were sometimes able to group several
tu
messages together with guessed “message-settings”, and painstakingly work out the daily key.
* note: see Standard German Keyboard Layout, By Phillip, Tim (January 1999)
sti
URL: http://carbon.cudenver.edu/~tphillip/GermanKeyboardLayout.html
In
Also by identifying the operator, many times the military unit would be known. The Germans
NS
predictably sent messages with “to” and “from” the units involved. Knowing parts of the
SA
message beforehand, gives a foothold into cracking the code. One German operator faithfully
transmitted “nothing to report” (if such was the case), everyday using the daily key.
©
Some careless Enigma operators, who did not set the machine to the new daily key settings,
would resend the identical message again with the correct key. The Allies were able to find
many clues by comparing the identical messages.
TheKey
blame
fingerprint
should not
= AF19
be entirely
FA27on2F94
the 998D
EnigmaFDB5
operators.
DE3D First,
F8B5 the
06E4
German
A169 leaders
4E46 initially did
not properly train the operators. Secondly the doubly enciphered “message-setting” was a
serious mistake. “This was a primitive form of error-correcting code, ensuring that this vital
message key arrived correctly, despite possibly bad radio connections. But it meant transmitting
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.redundant information, and this mistake gave the Polish analysts their great success in the period
just before the outbreak of war.” 5
Lastly and most importantly, the German leaders would simply not accept that their Enigma
cryptosystem was being cracked. This was remarkable since German weather ships were being
captured in 1941, giving the British the printed key sheets for an entire month, each time. The
German leaders must have assumed all Enigma material and documentation would be properly
destroyed by the crew. The arrogant German leaders failed to take the precaution of changing
the monthly sheet of daily keys.
ts
igh
The Germans made improvements in the Enigma cryptosystem, as time progressed. In
November 1937, the rotors were rewired. In December 1938, additional rotors to choose from
ll r
wereKey
made.
fingerprint
But this= was
AF19allFA27
too late,
2F94because
998D FDB5
the Poles
DE3Dhad F8B5
developed
06E4aA169
methodology
4E46 into
cracking the Enigma code.
fu
ins
The Poles met secretly with their British allies, and handed over the entire cracking operation, in
July 1939, just weeks before Germany invaded Poland. At the time, the British were
eta
dumbfounded, as they were previously considering giving up on ever being able to crack the
Enigma code. During the war, the British took over the Enigma cracking operations, which they
rr
codenamed Ultra, and centered it on an estate 40 miles from London, called Bletchley Park.
ho
The Germans continued to improve upon Enigma – most importantly by tightening their
ut
procedural flaws. The practice of double enciphering the “message-setting” was dropped in May
,A
1940. Operators were no longer allowed to randomly pick the “message-setting”. Sheets were
printed supplying operators with “message-settings”.
01
20
Once the Americans were in the war, they facilitated Ultra. As the Germans improved Enigma,
the Allies had to devote more and more resources to cracking the Enigma cryptosystem. By the
te
end of the war 10,000 people and (newly-invented) computers were all working on Ultra – quite
tu
a change from three Polish mathematicians from years earlier.
sti
Summary
In
“Enigma codes could have been unbreakable, at least with the methods available at the time, had
NS
the machine been used properly. The biggest mistake the Germans made was their blind belief
SA
in the invincibility of Enigma. Procedural errors in using the machine, combined with occasional
operator laziness, allowed the Poles and, subsequently the British, to crack the "unbreakable"
codes.” 6
©
The cracking of the Enigma cryptosystem can be thought of as, no less than, the most important
secret operation of World War II. The Allies had countless advantages of knowledge over the
Germans. Rommel’s forces in Africa were defeated, in a large part, due to his supplies being
destroyed
Key fingerprint
crossing the
= AF19
Mediterranean.
FA27 2F94 Ultra
998Dinformed
FDB5 DE3Dthe Allies
F8B5of06E4
the German
A169 4E46
supply schedules
and routes. U-boats were reporting their positions to Admiral Dönitz, who directed the ‘wolf
pack’ attacks. Once the naval version of Enigma was cracked, U-boats had the highest fatality
rate of all the German services. The U-boat “happy times” were over.
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.The importance of breaking the German Enigma code cannot be underestimated. “Information
from the decrypted messages was used by the Allies time after time to outmaneuver German
armies. Some ask why, if we were reading the Enigma, we did not win the war earlier. One
might ask, instead, when, if ever, we would have won the war if we hadn't read it.” 7
Simply put, the Germany’s weakest link was the human factor.
Lessons learned
ts
igh
Today’s managers and computer professionals face the ever-daunting tasks concerning IT
security. These professionals must not fall victim to the weakest link – the human factor.
ll r
Implementing
Key fingerprint
the latest
= AF19
mostFA27
advanced
2F94 equipment
998D FDB5 andDE3D
security
F8B5
safeguards
06E4 A169
are to
4E46
no avail if all
the users are not properly trained to be part of the security plan.
fu
ins
There are numerous controls IT professionals can implement to safeguard electronic
information from unauthorized users. But it's the authorized end users that possess the IDs
eta
and passwords to access that data giving them the ability to print it, share it, alter it or delete
it. If they are careless with or choose weak passwords, casually discard confidential printed
rr
reports in the trash, prop open doors to secured areas, fail to scan new files for viruses, or
leave back-ups of data unsecured, then that information remains at risk.
ho
ut
A Security Awareness program is probably the most important weapon in the Information
,A
Security professional’s arsenal. A company can have every security product known to the
industry, but these products will be worthless in the face of the one user who disregards or is
01
not even aware of the proper security procedures. This includes something as simple as
keeping their password secret. 8
20
te
Questions that must be addressed in any effective security plan are:
tu
Have users properly been informed of their responsibilities? Do users understand and have
access to the security policy? Are users able to pick easy to crack passwords? Do users have
sti
passwords written and near their work area, for instance posted on their monitors? Do users
In
know not to re-use their business password(s) with any other username/password accounts? Do
users have unauthorized software, such as PCanywhere or a web server, running on their
NS
desktop? Do users have unauthorized modems?
SA
The above is not intended to be a complete and comprehensive checklist, but is given only as a
start of a process of not overlooking the human factor. No security plan is effective without fully
©
considering and integrating all end users (or operators). Every security plan ultimately rests
upon the end users – a lesson learned from history.
References
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Ludwig, Katherine. “Security Awareness: Preventing a Lack in Security Consciousness.” (25
May 2001)
URL: http://www.sans.org/infosecFAQ/aware/lack.htm (20 August 2001)
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.Momsen, Bill. “Codebreaking and Secret Weapons in World War II.” (1996)
URL: http://home.earthlink.net/~nbrass1/1enigma.htm (23 August 2001)
Phillips, Tim. “Standard German Keyboard Layout.” (January 1999)
URL: http://carbon.cudenver.edu/~tphillip/GermanKeyboardLayout.html (25 August 2001)
Sale, Tony. “The components of the Enigma machine.” The Enigma cipher machine.
URL: http://www.codesandciphers.org.uk/enigma/enigma2.htm (22 August 2001)
ts
igh
Sale, Tony. “Military Use of the Enigma.” The Enigma cipher machine.
URL: http://www.codesandciphers.org.uk/enigma/enigma3.htm (22 August 2001)
ll r
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
The National Security Agency. “The Enigma.” National Cryptologic Museum.
fu
URL: http://www.nsa.gov/museum/enigma.html (24 August 2001)
ins
eta
1
Momsen, Chapter I. rr
2
Sale, Components of the Enigma Machine.
ho
ut
3
Sale, Components of the Enigma Machine.
,A
4
Sale, Components of the Enigma Machine.
01
5
20
Sale, Military Use of the Enigma.
te
6
Momsen, Chapter I.
tu
7
National Security Agency, The Enigma.
sti
In
8
Ludwig, Security Awareness.
NS
SA
©
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
© SANS Institute 2001, As part of the Information Security Reading Room. Author retains full rights.Last Updated: September 26th, 2020
Upcoming SANS Training
Click here to view a list of all SANS Courses
SANS October Singapore 2020 Singapore, SG Oct 12, 2020 - Oct 24, 2020 Live Event
SANS Community CTF , Oct 15, 2020 - Oct 16, 2020 Self Paced
SANS SEC504 Rennes 2020 (In French) Rennes, FR Oct 19, 2020 - Oct 24, 2020 Live Event
SANS SEC560 Lille 2020 (In French) Lille, FR Oct 26, 2020 - Oct 31, 2020 Live Event
SANS Tel Aviv November 2020 Tel Aviv, IL Nov 01, 2020 - Nov 06, 2020 Live Event
SANS Sydney 2020 Sydney, AU Nov 02, 2020 - Nov 14, 2020 Live Event
SANS Secure Thailand Bangkok, TH Nov 09, 2020 - Nov 14, 2020 Live Event
APAC ICS Summit & Training 2020 Singapore, SG Nov 13, 2020 - Nov 21, 2020 Live Event
SANS FOR508 Rome 2020 (in Italian) Rome, IT Nov 16, 2020 - Nov 21, 2020 Live Event
SANS Community CTF , Nov 19, 2020 - Nov 20, 2020 Self Paced
SANS Local: Oslo November 2020 Oslo, NO Nov 23, 2020 - Nov 28, 2020 Live Event
SANS Wellington 2020 Wellington, NZ Nov 30, 2020 - Dec 12, 2020 Live Event
SANS OnDemand OnlineUS Anytime Self Paced
SANS SelfStudy Books & MP3s OnlyUS Anytime Self PacedYou can also read
